From cc1ec50a4be27212269aeea5870cdd9a46660d4a Mon Sep 17 00:00:00 2001
From: Artem Zahumonnyi
Date: Tue, 24 Mar 2026 11:31:59 +0200
Subject: [PATCH 1/2] chore(config): remove gitleaks config file
---
 .gitleaks.toml | 11 -----
 .husky/pre-commit | 21 +---------
 ...ol-specific-credentials-in-api-requests.md | 2 +-
 package.json | 4 +-
 scripts/secrets-check.sh | 40 +++++++++++++++++++
 5 files changed, 44 insertions(+), 34 deletions(-)
 delete mode 100644 .gitleaks.toml
 create mode 100755 scripts/secrets-check.sh
diff --git a/.gitleaks.toml b/.gitleaks.toml
deleted file mode 100644
index ad25ff4..0000000
--- a/.gitleaks.toml
+++ /dev/null
@@ -1,11 +0,0 @@
-# Gitleaks configuration
-# https://github.com/gitleaks/gitleaks
-
-title = "Gitleaks Configuration"
-
-[allowlist]
-description = "Allowlist for known false positives"
-paths = [
- # Generated build artifacts
- '''build/''',
-]
diff --git a/.husky/pre-commit b/.husky/pre-commit
index 53b4cf1..fd30c7e 100644
--- a/.husky/pre-commit
+++ b/.husky/pre-commit
@@ -1,21 +1,2 @@
 npm run check:pre-commit
-
-# Check for secrets (only if Docker daemon is running)
-if command -v docker >/dev/null 2>&1 && docker info >/dev/null 2>&1; then
- echo "Checking for secrets with Gitleaks..."
- npm run secrets:check || {
- echo "Secrets detected! Please remove sensitive data before committing."
- exit 1
- }
-else
- if command -v colima >/dev/null 2>&1; then
- echo "Docker daemon not running - Colima is installed"
- echo "Run 'colima start' to enable secrets detection locally"
- elif command -v podman >/dev/null 2>&1; then
- echo "Docker daemon not running - Podman is installed"
- echo "Run 'podman machine start' to enable secrets detection locally"
- else
- echo "Docker not available - skipping secrets detection"
- echo "Install Docker to enable local secrets scanning"
- fi
-fi
+npm run secrets:check
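Review bot: The `.husky/pre-commit` hook now fails closed without saying so: the added `npm run secrets:check` reaches scripts/secrets-check.sh, which ends in `exit 1` when no container engine or running daemon is found, whereas the removed block only printed a hint and let the commit through. That is a defensible policy for a secrets gate, but the script's message still reads `skipping secrets detection`, and contributors who cannot run Docker or Podman are likely to fall back to `git commit --no-verify`, which skips `check:pre-commit` as well. I would add a comment above the new line, for example `# Blocks the commit when no container engine is running (see scripts/secrets-check.sh)`, and reword the script message to say the scan could not run. Whether the same scan also runs in CI is not visible in this patch; if it does not, this hook is the only control.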
diff --git a/faq/how-to-pass-tool-specific-credentials-in-api-requests.md b/faq/how-to-pass-tool-specific-credentials-in-api-requests.md
index c077e00..1086b09 100644
--- a/faq/how-to-pass-tool-specific-credentials-in-api-requests.md
+++ b/faq/how-to-pass-tool-specific-credentials-in-api-requests.md
@@ -49,7 +49,7 @@ curl -X 'POST' \
 'http://localhost:8080/v1/assistants/{assistant_id}/model' \
 -H 'accept: application/json' \
 -H 'user-id: example-user' \
- -H 'Authorization: Bearer example-token' \
+ -H 'Authorization: Bearer ' \
 -H 'Content-Type: application/json' \
 -d '{
 "text": "Show my current Jira tickets",
diff --git a/package.json b/package.json
index 996abea..a537bc3 100644
--- a/package.json
+++ b/package.json
@@ -21,8 +21,8 @@
 "format:eslint": "eslint . --fix",
 "format:prettier": "prettier --write .",
 "typecheck": "tsc --noEmit",
- "secrets:check": "docker run --rm -v \"$(pwd):/path\" ghcr.io/gitleaks/gitleaks:v8.30.1 detect --source=\"/path\" --verbose --no-git",
- "secrets:check-git": "docker run --rm -v \"$(pwd):/path\" ghcr.io/gitleaks/gitleaks:v8.30.1 detect --source=\"/path\" --verbose",
+ "secrets:check": "sh scripts/secrets-check.sh",
+ "secrets:check-git": "sh scripts/secrets-check.sh --git",
 "commitlint": "commitlint --edit",
 "commitlint:last": "commitlint --from HEAD~1 --to HEAD --verbose",
 "commitlint:test": "commitlint --verbose",
diff --git a/scripts/secrets-check.sh b/scripts/secrets-check.sh
new file mode 100755
index 0000000..6dcb151
--- /dev/null
+++ b/scripts/secrets-check.sh
@@ -0,0 +1,40 @@
+#!/bin/sh
+# Secrets detection using Gitleaks via Docker or Podman.
+# Usage:
+# scripts/secrets-check.sh # scan staged files
+# scripts/secrets-check.sh --git # scan full git history
+
+GITLEAKS_IMAGE="ghcr.io/gitleaks/gitleaks:v8.30.1"
+CONTAINER_ENGINE=$(command -v docker 2>/dev/null || command -v podman 2>/dev/null)
+
+if [ -z "$CONTAINER_ENGINE" ]; then
+ echo "No suitable container engine found - skipping secrets detection"
+ echo "Install Docker to enable local secrets scanning"
+ exit 1
+fi
+
+if ! $CONTAINER_ENGINE info >/dev/null 2>&1; then
+ if command -v colima >/dev/null 2>&1; then
+ echo "Docker daemon not running - Colima is installed"
+ echo "Run 'colima start' to enable secrets detection locally"
+ elif command -v podman >/dev/null 2>&1; then
+ echo "Docker daemon not running - Podman is installed"
+ echo "Run 'podman machine start' to enable secrets detection locally"
+ else
+ echo "Container engine found but daemon is not running"
+ fi
+ exit 1
+fi
+
+echo "Checking for secrets with Gitleaks..."
+
+if [ "$1" = "--git" ]; then
+ $CONTAINER_ENGINE run --rm -v "$(pwd):/path" "$GITLEAKS_IMAGE" git --no-banner --verbose /path
+else
+ $CONTAINER_ENGINE run --rm -v "$(pwd):/path" "$GITLEAKS_IMAGE" dir --no-banner --verbose /path
+fi
+
+if [ $? -ne 0 ]; then
+ echo "Secrets detected! Please remove sensitive data before committing."
+ exit 1
+fi
From db67f25fdd28a13f4404a2118ebf1373839e25e3 Mon Sep 17 00:00:00 2001
From: Artem Zahumonnyi
Date: Wed, 25 Mar 2026 16:43:36 +0200
Subject: [PATCH 2/2] fix(config): add orbstack support to secrets-check script
---
 .codemie/claude.extension.json | 4 ++--
 cspell.config.yaml | 1 +
 scripts/secrets-check.sh | 11 +++++++----
 3 files changed, 10 insertions(+), 6 deletions(-)
diff --git a/.codemie/claude.extension.json b/.codemie/claude.extension.json
index 1b7234e..887b6b5 100644
--- a/.codemie/claude.extension.json
+++ b/.codemie/claude.extension.json
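Review bot: The usage comment in the new scripts/secrets-check.sh (patch 1/2) says the default mode will `scan staged files`, but the command it runs is `dir --no-banner --verbose /path` on the bind-mounted working tree, so the check sees what is on disk rather than what is in the index. A secret that was staged and then edited out of the working copy would pass, while untracked or generated files (including `build/`, whose allowlist entry this same commit deletes with `.gitleaks.toml`) can fail the hook. Either correct the comment to `# scan the working tree`, or, if the pinned Gitleaks version supports it, use `git --pre-commit --staged` for the hook path. The mount could also be read-only, `-v "$(pwd):/path:ro"`, since an image referenced by tag rather than digest has no reason to write to the repository.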
@@ -1,4 +1,4 @@
 {
- "version": "1.0.6",
- "installedAt": "2026-02-06T16:36:05.246Z"
+ "version": "1.0.14",
+ "installedAt": "2026-03-25T14:06:12.886Z"
 }
diff --git a/cspell.config.yaml b/cspell.config.yaml
index 021d8e1..5a3b8f6 100644
--- a/cspell.config.yaml
+++ b/cspell.config.yaml
@@ -202,6 +202,7 @@ words:
 - phpt
 - rhtml
 # Shell commands, utilities and variables
+ - orbstack
 - pwgen
 - bcrypt
 - urandom
diff --git a/scripts/secrets-check.sh b/scripts/secrets-check.sh
index 6dcb151..82cbfc4 100755
--- a/scripts/secrets-check.sh
+++ b/scripts/secrets-check.sh
@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/usr/bin/env bash
 # Secrets detection using Gitleaks via Docker or Podman.
 # Usage:
 # scripts/secrets-check.sh # scan staged files
@@ -7,7 +7,7 @@
 GITLEAKS_IMAGE="ghcr.io/gitleaks/gitleaks:v8.30.1"
 CONTAINER_ENGINE=$(command -v docker 2>/dev/null || command -v podman 2>/dev/null)

-if [ -z "$CONTAINER_ENGINE" ]; then
+if [[ -z "$CONTAINER_ENGINE" ]]; then
 echo "No suitable container engine found - skipping secrets detection"
 echo "Install Docker to enable local secrets scanning"
 exit 1
@@ -20,6 +20,9 @@ if ! $CONTAINER_ENGINE info >/dev/null 2>&1; then
 elif command -v podman >/dev/null 2>&1; then
 echo "Docker daemon not running - Podman is installed"
 echo "Run 'podman machine start' to enable secrets detection locally"
+ elif command -v orbstack >/dev/null 2>&1; then
+ echo "Docker daemon not running - OrbStack is installed"
+ echo "Start OrbStack to enable secrets detection locally"
 else
 echo "Container engine found but daemon is not running"
 fi
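Review bot: The switch to `[[ ... ]]` in scripts/secrets-check.sh breaks the script wherever `sh` is not bash, because package.json still starts it as `sh scripts/secrets-check.sh` (added in patch 1/2 and not touched here), so the new `#!/usr/bin/env bash` line in the `@@ -1,4 +1,4 @@` hunk is never consulted. Under dash, `[[` is a command-not-found, so every `if [[ ... ]]` condition is simply false. The worst case is the final `if [[ $? -ne 0 ]]` in the `@@ -28,13 +31,13 @@` hunk: the script falls off the end with status 0 and a detected secret no longer blocks the commit, and `--git` is silently ignored the same way. Either keep the POSIX `[ ... ]` tests, or change the npm scripts to `bash scripts/secrets-check.sh` and `bash scripts/secrets-check.sh --git` (or run the file directly, it is created with mode 100755).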
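Review bot: In the `@@ -20,6 +20,9 @@` hunk of scripts/secrets-check.sh the new `elif command -v orbstack` branch may never match: as far as I know OrbStack installs its command-line tools as `orb` and `orbctl`, not `orbstack`, so this should be confirmed on a machine with OrbStack installed (`command -v orbctl` is the likely test). The branch is also unreachable on hosts that have both Podman and OrbStack, because the `podman` test comes first and prints the Podman hint instead. The enclosing `if ! $CONTAINER_ENGINE info` block starts above the hunk.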
@@ -28,13 +31,13 @@ fi

 echo "Checking for secrets with Gitleaks..."

-if [ "$1" = "--git" ]; then
+if [[ "$1" == "--git" ]]; then
 $CONTAINER_ENGINE run --rm -v "$(pwd):/path" "$GITLEAKS_IMAGE" git --no-banner --verbose /path
 else
 $CONTAINER_ENGINE run --rm -v "$(pwd):/path" "$GITLEAKS_IMAGE" dir --no-banner --verbose /path
 fi

-if [[ $? -ne 0 ]]; then
+if [[ $? -ne 0 ]]; then
 echo "Secrets detected! Please remove sensitive data before committing."
 exit 1
 fi
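Review bot: The closing `if [[ $? -ne 0 ]]` treats every non-zero status of the container run as a finding, so a failed image pull, a registry outage or an engine error is reported as `Secrets detected!` and sends the developer looking for a leak that is not there. `$?` here is the status of the preceding `if`/`else` compound, which works today but breaks as soon as any command is inserted in between; capturing the status directly after the run is sturdier. `$CONTAINER_ENGINE` is also expanded unquoted, which splits an install path that contains spaces. The sketch below keeps both modes and separates a scanner result from an infrastructure failure; the mapping assumes Gitleaks' default exit code of 1 for findings and should be confirmed for v8.30.1.

```bash
# … unchanged: engine detection and daemon check …
if [[ "$1" == "--git" ]]; then
  scan_mode=git
else
  scan_mode=dir
fi

"$CONTAINER_ENGINE" run --rm -v "$(pwd):/path" "$GITLEAKS_IMAGE" "$scan_mode" --no-banner --verbose /path
scan_status=$?

case "$scan_status" in
  0) ;;
  1)
    echo "Secrets detected! Please remove sensitive data before committing."
    exit 1
    ;;
  *)
    echo "Gitleaks could not be run (exit status $scan_status) - no scan result" >&2
    exit "$scan_status"
    ;;
esac
```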